CVE-2014-2888

lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
herrysfpagent
𝑥
≤ 0.4.14
herrysfpagent
0.0.1
herrysfpagent
0.1.0
herrysfpagent
0.1.1
herrysfpagent
0.1.2
herrysfpagent
0.1.3
herrysfpagent
0.1.4
herrysfpagent
0.1.5
herrysfpagent
0.1.6
herrysfpagent
0.1.7
herrysfpagent
0.1.8
herrysfpagent
0.1.9
herrysfpagent
0.1.10
herrysfpagent
0.1.11
herrysfpagent
0.1.12
herrysfpagent
0.1.13
herrysfpagent
0.1.14
herrysfpagent
0.2.0
herrysfpagent
0.2.1
herrysfpagent
0.2.2
herrysfpagent
0.2.3
herrysfpagent
0.2.4
herrysfpagent
0.2.5
herrysfpagent
0.2.6
herrysfpagent
0.2.7
herrysfpagent
0.2.8
herrysfpagent
0.2.9
herrysfpagent
0.2.10
herrysfpagent
0.3.0
herrysfpagent
0.3.1
herrysfpagent
0.3.2
herrysfpagent
0.3.3
herrysfpagent
0.3.4
herrysfpagent
0.3.5
herrysfpagent
0.3.6
herrysfpagent
0.3.7
herrysfpagent
0.3.8
herrysfpagent
0.3.9
herrysfpagent
0.3.10
herrysfpagent
0.4.0
herrysfpagent
0.4.1
herrysfpagent
0.4.2
herrysfpagent
0.4.3
herrysfpagent
0.4.4
herrysfpagent
0.4.5
herrysfpagent
0.4.6
herrysfpagent
0.4.7
herrysfpagent
0.4.8
herrysfpagent
0.4.9
herrysfpagent
0.4.10
herrysfpagent
0.4.11
herrysfpagent
0.4.12
herrysfpagent
0.4.13
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Apr/243
http://www.openwall.com/lists/oss-security/2014/04/16/1
http://www.openwall.com/lists/oss-security/2014/04/18/4
http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html
http://seclists.org/fulldisclosure/2014/Apr/243
http://www.openwall.com/lists/oss-security/2014/04/16/1
http://www.openwall.com/lists/oss-security/2014/04/18/4
http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html